Getbulance Privacy & PDPA Policy

Effective Date: October 2019
Last Amended: March 2025

Getbulance is operated by Mozzies Pte Ltd (UEN 201914104W). For purposes of this Policy, we are the data controller of the personal data collected through our platform (“Getbulance”), which includes our website and mobile application.

We are committed to safeguarding your personal data in compliance with the Personal Data Protection Act 2012 (PDPA) of Singapore and other applicable data protection laws.

This Privacy & PDPA Policy explains:

  • What personal data we collect;
  • How we use, disclose, store, and protect your personal data;
  • Your rights and choices under PDPA; and
  • How you may contact us regarding your data.

1. Scope

  • This Policy applies to all users of the Getbulance platform, including customers, patients, institutions, providers, and their representatives.
  • It covers data collected through account registration, bookings, communications, payments, provider onboarding, and platform usage.
  • It supplements but does not limit any other terms of use or agreements you may have with us.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

A. Account Data

  • Full name
  • Email address
  • Phone number
  • Organisation and role (for institutions and providers)
  • Account type (Customer / Institution / Provider)
  • Password (encrypted, never stored in plain text)
  • Consent and preference settings (e.g. PDPA, marketing opt-in)

B. Booking Data

  • Pickup and drop-off locations, including ward/bed/unit details
  • Requested dates and times
  • Mobility needs (ambulatory / wheelchair / stretcher)
  • Special requirements (e.g. oxygen, stair-carry, lift access)
  • Return trip details
  • Additional notes or instructions

C. Patient Data

  • Patient name (or initials, where applicable)
  • Masked NRIC/FIN (last 3–4 digits) for identity verification, record-matching, and preventing duplicate or fraudulent bookings

D. Provider (Operator) Data

  • Company name and UEN
  • Licences and regulatory approvals (numbers, expiry dates)
  • Insurance details (type, policy number, validity)
  • Compliance documents (certifications, SOPs, training records)
  • Fleet and vehicle capabilities (equipment, coverage areas)
  • Dispatch/operations contact persons and billing contacts
  • Service performance data (on-time rates, completion metrics)
  • Ratings and reviews received through the Platform
  • Invoices, PO references, and settlement records

E. Communications

  • Messages, calls, and emails exchanged via or relating to the platform
  • Feedback, ratings, and reviews
  • Support tickets and correspondence

F. Payment Data

  • Billing and invoice information
  • Purchase order references, transaction IDs
  • Note: We do not store full credit/debit card details. Payments, if applicable, are processed by secure PCI-DSS compliant payment processors.

G. Technical / Usage Data

  • Device information (model, OS, browser, app version)
  • IP address and approximate location
  • Authentication logs, session activity, and error reports
  • Cookies and SDK identifiers

3. Purposes of Collection and Use

We use personal data for purposes reasonably related to our operations, including:

Service Operations

  • Creating, verifying, and managing user accounts.
  • Processing booking requests, transmitting offers, and managing confirmed bookings.
  • Sharing necessary details with providers to deliver ambulance transport services.
  • Sending operational notifications (offers, updates, reminders) by email, SMS, WhatsApp, or push notification.
  • Providing customer and provider support, handling disputes, and ensuring service quality and safety.

Identity, Safety & Fraud Controls

  • Using masked NRIC/FIN to verify patient identity, reduce errors, and prevent duplicate or fraudulent bookings.
  • Monitoring for abuse, fraud, and misuse; maintaining audit logs for accountability.

Provider-Specific Purposes

  • Onboarding and verifying providers (licence, insurance, compliance checks).
  • Operational coordination with provider dispatch and billing teams.
  • Compliance monitoring and audits, including regulatory reporting where required.
  • Provider performance management (e.g. KPIs, reviews, dispute resolution).
  • Billing and settlement of provider commission and service fees.

Improvement & Analytics

  • Analysing usage trends to improve platform features, workflows, and user experience.
  • Conducting quality assurance, troubleshooting, and A/B testing.

Legal & Regulatory

  • Meeting legal, regulatory, and contractual obligations.

Marketing (Optional)

  • Sending updates, new features, and promotions — only if you opt in. You can opt out anytime.

4. Disclosure of Personal Data

We may disclose personal data in the following circumstances:

  • To ambulance providers:
    • Before acceptance: limited, non-identifying booking info (e.g. time, general route, requirements) so they can quote.
    • After acceptance: full booking and patient contact details, shared only with the confirmed provider.
  • To institutions/customers: Limited provider data (e.g. licence validity, fleet capabilities, ratings) to support booking decisions.
  • To service providers: IT hosting, cloud storage, messaging, and payment processors — under strict confidentiality and security obligations.
  • To regulators/authorities: Where disclosure is legally required.
  • In corporate transactions: In the event of a merger, acquisition, or sale, subject to safeguards.

We do not sell, rent, or trade personal data to third parties.


5. Consent under PDPA

  • We obtain consent when you create an account, submit bookings, or provide personal data.
  • Consent may also be deemed by conduct, where appropriate (e.g. submitting booking details).
  • Marketing consent is always optional and collected separately.
  • You may withdraw consent at any time by contacting our DPO, though this may affect our ability to provide services.

6. Access and Correction

  • You may request access to personal data we hold about you, subject to reasonable administrative fees.
  • You may request correction of inaccurate or incomplete data.
  • Requests will be processed in accordance with PDPA requirements and exceptions.

7. Retention

  • Personal data is retained only as long as necessary to fulfil the purposes stated in this Policy and to meet legal or business requirements.
  • Provider compliance and settlement records are retained for the duration of the provider relationship and for up to 7 years after termination (to meet legal, tax, and audit requirements).
  • When no longer required, data will be securely deleted or anonymised.

8. Protection

We implement reasonable administrative, technical, and physical safeguards to protect personal data, including:

  • Role-based access controls and audit trails.
  • Encryption of data in transit and at rest.
  • Secure cloud infrastructure (Amazon Web Services via Bubble.io).
  • Secure file storage on AWS S3.
  • Staff training and confidentiality obligations.

Note: No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.


9. Data Storage & Location

  • Hosting & database: The Platform runs on Amazon Web Services (AWS) cloud infrastructure, managed via Bubble.io.
  • Regions: Data is primarily stored in AWS data centres located in the United States. If we use alternative regions (e.g. EU), equivalent protections will be maintained.
  • Files: Attachments and uploads are stored on AWS S3 and distributed via secure content delivery networks.
  • Backups/logs: System backups and operational logs are maintained for continuity, incident response, and compliance.
  • Access: Production data access is restricted to authorised staff only.
  • Comparable protection: Where storage or processing occurs outside Singapore, we ensure protection comparable to PDPA (see Section 10).

10. Overseas Transfers

  • Personal data may be transferred to or stored in jurisdictions outside Singapore (e.g. U.S. or EU).
  • Where this occurs, we ensure recipients provide a level of protection comparable to PDPA, including contractual safeguards.

11. Children’s Data

  • The Platform is not intended for individuals under 18 without parental or guardian involvement.
  • If you believe a minor has provided data without proper consent, contact us and we will remove it.

12. Cookies & Tracking

  • We use cookies, SDKs, and similar technologies for authentication, preferences, analytics, and messaging.
  • You may disable cookies in your browser or device, but some features may not work properly.

13. Your Rights

Under PDPA, you have the right to:

  • Request access to your personal data.
  • Request correction of errors or omissions.
  • Withdraw consent for the collection, use, or disclosure of personal data.
  • Request deletion of your data, subject to legal and operational requirements.

14. Contact – Data Protection Officer (DPO)

Data Protection Officer – Getbulance
📧 Email: askme@getbulance.com -PDPA


15. Changes to this Policy

  • We may update this Policy from time to time to reflect changes in law, technology, or business practices.
  • Updates will be posted on our platform with the revised Effective Date.
  • Your continued use of the platform after updates indicates acceptance of the revised Policy.